Link to home
Start Free TrialLog in
Avatar of creativenetworks
creativenetworksFlag for United States of America

asked on

Can I generate a Self Signed Cert in Exchange 2010?

In previous setups of Exchange 2007 I found it easiest to purchase a 3rd part cert by godaddy.  In Exchange 2010 has that changed at all?  In other words can I generate a Self Signed Cert instead of a 3rd party cert?

I never could seem to get it to work right in X2k7.
ASKER CERTIFIED SOLUTION
Avatar of Alan Hardisty
Alan Hardisty
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of sn1316789
sn1316789

Sorry, I said Lync, but I meant Exchange.
-J
Hi
you can get one self signed by using your domain controler certificate authority.
http://<your_DC_name>/certsrv
Yes you can

You will have to Add the below addresses in the certificate depending on your environment

Exchange 2007/2010 certificate domains

mail.domain.com (or whatever you choose to use that resolves to your servers IP Address)
autodiscover.domain.com
autodiscover.domain.local
internalservername.internaldomain.local(FQDN)
internalservername (Netbios Name)
You don't need internalservername.internaldomain.local in your certificate.
@hanccocka - A free SSL certificate does not provide a SAN / UCC (multi-domain name) certificate which is exactly why a free one is a waste of time - it simply won't work with Exchange 2007 or Exchange 2010.  It would be fine for Exchange 2003.
@alanhardisty: we have generated SAN / UCC (multi-domain certificates) at http://www.startssl.com/ and also Wildcard SSL certificates. After accepting your CSR request, it asks what other domain names you require in the certificates.

The only issue we've encounted is the CA at http://www.startssl.com/ , is sometimes not included in the root store on some workstations, but this is getting better with newer operating systems.
Certificate Subject

CN = mydocs.york.ac.uk (resolves to IP address)

Extensions

Certificate Subject ALT Name

Not Critical
DNS Name: mydocs.york.ac.uk
DNS Name: moodle.york.ac.uk
DNS Name: mail.york.ac.uk

this works for us.
as per  34456748 above, you just add the domains you need, when creating the certificate.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial